Identity Is the New Perimeter. Here’s How Businesses Are Adapting
That’s the first line of Quocirca Research’s report Getting To Know You – Building Online Relationships With Effective Identity and Access Management, and it’s a common call-to-action for IAM and IDaaS services (in fact, Quocirca’s report was sponsored by Ping Identity), but most importantly, it’s true.
Time and time again, we’ve seen organizations that rely solely on firewalls and perimeter-based security fall victim to cyber-attacks that are, at the very least, embarrassing, and at worst, disastrously damaging.
The recent hack of the federal Office of Personnel Management (OPM), for example, was made possible when hackers obtained a credential used by KeyPoint Government Solutions, a third-party contractor that conducts background investigations of applicants for federal jobs that require a security clearance.
In another example, 2013’s infamous Target data breach started in a similar manner when hackers stole a network login from an HVAC contractor working for Target Corporation.
The problem is clear, and in order to address that problem, Quocirca says that organizations must rethink the way they manage identities. According to the Getting to Know You report, just 20 percent of organizations think that their current IAM systems are “fit for purpose.” That means a whopping 80 percent of organizations are lacking confidence in their IAM solutions and are looking to modernize.
The trouble, according to a Quocirca blog post, is that many IAM systems purchased as part of a software stack from a vendor like Oracle, CA, or IBM were designed to deal with “the old way of doing things.”
Full replacement of those legacy systems is often difficult or even impossible, so many organizations are turning to a hybrid approach. The average organization has at least two IAM suppliers, according to Quocirca. More often than not, that second system is a cloud-based SaaS system designed for “provisioning users from a wide range of identity sources to other cloud applications,” says Quocirca. In other words, organizations are hanging onto legacy solutions to handle internal users and are adopting cloud-based IDaaS solutions to handle the ever-expanding perimeter of new customers and third-party users.
Quocirca found that 39 percent of respondents to the Getting to Know You research take a hybrid approach to federated identities while 53 percent do so for single sign-on; Consumer-facing organizations showed higher use percentages in both cases.